发布日期:2010-01-19
更新日期:2010-03-24
受影响系统:
Linux kernel 2.6.x
不受影响系统:
Linux kernel 2.6.32.4
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 37906
CVE ID: CVE-2010-0291
Linux Kernel是开放源码操作系统Linux所使用的内核。
Linux Kernel的某些mmap()和mremap()调用可能泄露内存内存,本地用户可以利用这个漏洞耗尽所有可用的内存,导致拒绝服务。
建议:
--------------------------------------------------------------------------------
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1996-1)以及相应补丁:
DSA-1996-1:New Linux 2.6.26 packages fix several vulnerabilities
链接:http://www.debian.org/security/2010/dsa-1996
补丁下载:
Source archives:
Architecture independent packages:
alpha architecture (DEC Alpha)
amd64 architecture (AMD x86_64 (AMD64))
arm architecture (ARM)
armel architecture (ARM EABI)
hppa architecture (HP PA RISC)
i386 architecture (Intel ia32)
ia64 architecture (Intel ia64)
mips architecture (MIPS (Big Endian))
mipsel architecture (MIPS (Little Endian))
powerpc architecture (PowerPC)
s390 architecture (IBM S/390)
Linux
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2010:0161-01)以及相应补丁:
RHSA-2010:0161-01:Important: kernel-rt security and bug fix update
链接:https://www.redhat.com/support/errata/RHSA-2010-0161.html
Ubuntu
------
Ubuntu已经为此发布了一个安全公告(USN-894-1)以及相应补丁:
USN-894-1:linux, linux-source-2.6.15 vulnerabilities
链接:http://www.ubuntu.com/usn/USN-894-1